After commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any attempt to change a password over IPv6 fails on the server side. Samba generates the following log entries (on the domain controller): Starting GENSEC mechanism krb5 Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR On the client side the request to change the password results in the following message after a delay of a couple of seconds: kpasswd: Cannot contact any KDC for requested realm changing password Commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6 addresses will be rejected. Affected are all releases from branches 4.14 and 4.13. Older branches / releases are not affected. On the distro side, this bug affects soon to be released Debian Bullseye, it does neither affect current stable Debian Buster nor Ubuntu Focal (LTS).
Relevant discussion on the mailinglist: https://lists.samba.org/archive/samba-technical/2021-July/136724.html Proposed fix by @metze: https://gitlab.com/samba-team/devel/samba/-/commit/9c3aef25b1d92ea94d7400d8e4fab176cdb83187
Hmm. Another case of "don't trust static analyzers blindly". Sorry for that!
This bug was referenced in samba master: 0388a8f33bdde49f1cc805a0291859203c1a52b4
Created attachment 16676 [details] Patch for v4-14-test
Created attachment 16677 [details] Patch for v4-13-test
Karolin, Please select for the next 4.13 and 4.14 releases.
(In reply to Andrew Bartlett from comment #6) Pushed to autobuild-v4-{13,14}-test.
This bug was referenced in samba v4-14-test: c1662a8122011aa550b2ae2325de97c6f57e1485
This bug was referenced in samba v4-14-stable (Release samba-4.14.6): c1662a8122011aa550b2ae2325de97c6f57e1485
This bug was referenced in samba v4-13-test: 7065f203a9fa0618e9a72043ec925eee7c7cdd01
This bug was referenced in samba v4-13-stable (Release samba-4.13.10): 7065f203a9fa0618e9a72043ec925eee7c7cdd01
Closing out bug report. Thanks!